I was wondering how people sync the roaming profiles in an environment
with a PDC and multiple BDCs. Are profiles better stored in another
server (a member server) instead of the xDC?

I could use rsync from the PDC to the BDC, but that doesn't work the
other way around, i.e., when a user logs in via a BDC whatever changes
they make won't go back to the PDC. Unless the profile is:
- always stored in the PDC
- stored elsewhere (i.e., not a xDC)

Seems it's better to store the profiles in a single server and live with
it when that server goes down for some reason or another. Or not? What
do people usually do?

On Thu, 2005-10-20 at 09:56 -0200, Andreas wrote:
> I was wondering how people sync the roaming profiles in an environment
> with a PDC and multiple BDCs. Are profiles better stored in another
> server (a member server) instead of the xDC?
>
> I could use rsync from the PDC to the BDC, but that doesn't work the
> other way around, i.e., when a user logs in via a BDC whatever changes
> they make won't go back to the PDC. Unless the profile is:
> - always stored in the PDC
> - stored elsewhere (i.e., not a xDC)
>
> Seems it's better to store the profiles in a single server and live with
> it when that server goes down for some reason or another. Or not? What
> do people usually do?
----
With passdb of tdb or ldap, you can specify a valid share on any member
server or DC for each specific user rather than just using one share on
one server for all users.

Bear in mind that on Samba profile shares, it is typical to use a few
directives such as 'csc policy = disable' and 'profile acls = yes'.

I think it is much easier to control/script/maintain ldapsam than tdbsam
passdb's but that's my opinion.

Craig

On Thu, Oct 20, 2005 at 03:41:44PM +0200, Robert Schetterer wrote:
> Having a bdc in another net i.e over vpn to another office
> so you give the profile and home path to that bdc in the ldap entries of
> the users of this "remote" office.

Ok, that scenario is clear.

> The other part is to have the bdc as a fallback to the pdc, therefore
> you have to make sure that

That is my scenario: BDCs around as a fallback and to alleviate the load
on the PDC for auth purposes.

> files , homes , profiles got in sync with the pdc ones.
> There are so many ways to do this that I can describe...this is related

The problem is that these methods are one way: rsync from PDC to BDC or
vice-versa. Which means that, when using %L in the profile specification,
the user would either be using the PDC one or the BDC one. rsync doesn't
really work well here, since it's one-way. And NFS gives me nightmares :)
That's why I asked the list about what most people would do in this
scenario.

> how you wanna do this
> i.e rsync nfs copy etc. and which fits best to your needs.
> It is a good idea especially in bigger networks hosting profiles and
> homes not on the pdc/bdc
> and let them do only auth jobs. for hosting profiles and homes you might
> use a nas server
> which has raid etc

I'm inclined to do that, not only to make sure xDCs only serve auth, but
because of the profile sync problem. If I place the profiles elsewhere
(in another server), the only problem I could have if that server went
down is the (temporary) loss of the profile. Users should be instructed
to not store important things there anyway (the profile has to be small).
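
The layout the thread converges on, as an added configuration example that is not from any of the posters: profiles live on one member server, the DCs point at it by a fixed name instead of %L, and the share carries the two directives Craig mentions. The server name FILESRV, the path and the permission masks are assumptions.

```ini
# Constructed example: FILESRV, /srv/samba/profiles and the masks below
# are assumptions, not values from the thread.

# --- smb.conf on every DC (PDC and each BDC) ---
[global]
    # A fixed server name rather than %L: whichever DC handles the logon,
    # the client loads and saves the same single copy of the profile, so
    # nothing has to be synced back between DCs.
    # A per-user profile path stored in the passdb (sambaProfilePath with
    # ldapsam) takes precedence over this default, which is how users in a
    # remote office can be pointed at a server on their own side of the VPN.
    logon path = \\FILESRV\profiles\%U

# --- smb.conf on the member server FILESRV ---
[profiles]
    path = /srv/samba/profiles
    read only = no
    browseable = no
    # Keep each profile readable only by its owner.
    create mask = 0600
    directory mask = 0700
    # The two directives named in Craig's reply:
    # no client-side (offline files) caching of the profile share
    csc policy = disable
    # adjust reported ACLs so Windows clients accept the profile as theirs
    profile acls = yes
```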